Bangalore: After security vendor eScan had released a report warning the users against multiple security flaws in Xiaomi’s MIUIOS, the Chinese smartphone brand has strongly rejected that finding.

The company issued an official statement saying that it “strongly disagree” with the allegations made by eScan in its report.

"At Xiaomi, user privacy is of utmost importance. eScan earlier shared a report which list downs few concerns in MIUI. We strongly disagree with the allegations made by eScan in their report. As a global internet company, Xiaomi takes all possible steps to ensure our devices and services adhere to our privacy policy,” Xiaomi spokesperson said in an official statement.

eScan on Thursday had released a report issuing a warning to Xiaomi users of multiple flaws in MIUI system apps which are capable of introducing unintentional vulnerabilities into end-user as well as security apps.

“Unlike other operating systems, MIUI OS by design has multiple security lapses. In particular, the MI-Mover App can override the application sandbox of the android OS thereby posing a significant threat to the installed apps,” eScan report revealed.

The security company’s report claimed of finding several security loopholes in the MI-Mover app. It pointed that MI-Mover app overrides the application sandbox of the Android OS, any device-administrator app can be uninstalled without revoking its device-admin rights and app can be cloned in few minutes without needing to root the device.

MIUI devices rather than deleting, hides the Work-Profile Admin app and isn’t easy to delete that profile and Workspace profiles cannot be differentiated from the personal profile posing a serious challenge from the security point of view in Enterprise Mobility Management, the eScan's report stated.

In response to questions raised against Mi- Mover app, Xiaomi said, “Mi Mover is designed to be a convenient tool for our users to move their data from an old smartphone to a new phone. In order for Mi Mover to initiate this process, a password is required. More importantly, in order to use Mi Mover, the smartphone has to be unlocked. Thus, there are two layers of protection for the user – phone lock and a Mi Mover password that are necessary.”

Further, as per the eScan report, a vendor's security team replied, “As part of exploiting the issue you describe, someone needs to take control of a user's mobile phone and get that phone in an unlocked state. This is a very high barrier to entry and seems unlikely to happen commonly, making this more of a theoretical attack. The protection, in this case, is to not allow someone to steal and unlock your phone,” Xiaomi spokesperson said.

More so, Xiaomi emphasized that it encourages its users to be aware of using various security features available on its smartphones.

“Any perpetrator, who gains physical access to an unlocked phone, is capable of malicious activity and an unlocked phone is greatly at risk of user data being stolen.”

“This is why, we at Xiaomi encourage our users to be more aware of guarding their private data using PIN, pattern locks, or the onboard fingerprint sensor available on most of our smartphones. In fact, prompting users to enable fingerprint lock is a standard step when setting up a Xiaomi smartphone for first use,” the statement said.

Subscribe ETCIO Newsletter

As the Special Chief Secretary & IT Advisor to the Chief Minister - Govt. of Andhra Pradesh, J A Chowdary is all for chasing new growth horizons, pursuing radically different development approaches and outguessing technology trends that will shape the future.

As the Special Chief Secretary & IT Advisor to the Chief Minister - Govt. of Andhra Pradesh, J A Chowdary is all for chasing new growth horizons, pursuing radically different development approaches and outguessing technology trends that will shape the future.